← volver
CVE-2021-32707

Bypass of image blocking in Nextcloud Mail

CVSS 4.3 MEDIUMEPSS 1.1%CWE-20CWE-200
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. The issue was patched in version 1.9.6 and 1.10.0. No workarounds are known to exist.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
nextcloud · security-advisories

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/nextcloud/mail/pull/5189https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xxp4-44xc-8crhhttps://hackerone.com/reports/1215251